News

COVID-19 Strains Small/Medium Business Security Teams, Report Says

Small and midsized businesses (SMBs) are under increasing strains caused by the huge work-from-home surge resulting from the COVID-19 pandemic, says a new report.

The report, 2020 SMB IT Security, comes from SMB security specialist Untangle, which in its 2019 report highlighted how cloud-based services and the increasing number of branch office networks are promoting the rise of software-defined wide-area networking (SD-WAN).

This year, familiar themes are reported -- such as budget constraints hampering security -- but COVID-19 introduces a new factor as most businesses have shifted at least part of their workforces to remote work, which some plan on continuing post-pandemic. That latter finding reaffirms what some have referred to as "the new normal" of permanent remote work.

"As the abnormal becomes our new normal, SMBs need to approach remote work by using a combination of cloud-based applications and on-premises solutions to keep employees and systems safe, and ensure business continuity," said Scott Devens, CEO at Untangle.

The company's report is based on a survey of more than 500 SMBs, finding that:

  • 88 percent of businesses surveyed transitioned at least some of their workforce to working remotely
  • 33 percent have transitioned 100 percent of their workforce to working remotely
  • 56 percent of respondents will continue to have some employees work from home permanently

Devens touted technologies with multi-layered network security tools and hybrid network infrastructures, including SD-WAN, to avoid large-scale network vulnerabilities for organizations of all sizes. Untangle sells an SD-WAN router among its security wares.

Even amid the pandemic, however, some things remain the same for SMB security teams, including budget constraints topping the list of security barriers.

Last year's survey reported top barriers thusly:

  • Budget constraints -- 48 percent
  • Limited time to research and understand new threats -- 36 percent
  • Rogue employees who do not follow guidelines -- 32 percent

This year's lists the same barriers but in a different order:

  • Budget constraints -- 32 percent
  • Employees who do not follow IT security guidelines -- 24 percent
  • Limited time to research and understand emerging threats -- 14 percent

Another perennial problems is small budgets, with many reporting annual budgets of less than $1,000.

Annual IT Security Budgets for SMBs
[Click on image for larger view.] Annual IT Security Budgets for SMBs (source: Untangle).

"Of the 500 SMBs surveyed, 74 percent ranked network security as a priority for their business," the report says. "Even as such, year over year, more SMBs are asked to do more with less. In this year’s survey, 38 percent of SMBs have $1,000 or less allocated to their IT Security budget, in comparison to 29 percent in 2019 and 27 percent in 2018. With limited resources, SMBs have had to find creative ways to implement network security policies and procedures throughout the organization.

"One of those ways, according to 72 percent of survey respondents, is to spread IT responsibility across all departments internally. This means that a single individual can wear multiple hats within one business. Many times this helps a business maintain a lean workforce and meet revenue goals, but it can also mean large holes in the network. If a single employee is responsible for managing operational platforms, daily HR duties, and directory access, one or more of these may fall to the wayside, leaving outdated software or hardware open for cyber criminals to take advantage of."

Other highlights of the report include:

  • 64 percent of SMBs deployed a portion or all of their IT infrastructure in the cloud.
  • SMBs rank firewalls (82 percent), antivirus protection (57 percent), endpoint security (48 percent), archiving management and backup and VPN technologies, (47 percent), and web filtering (40 percent) as the most important features when considering which IT security solutions to purchase.
  • While SMBs have adopted a hybrid on-premises/cloud-based IT infrastructure for business applications, with a small percentage increase of cloud deployments compared to last year, most SMB’s (71 percent) have their firewall on site rather than in the cloud.
  • 48 percent operate in more than two locations, making SD-WAN an ideal technology for them.
  • 45 percent, indicated that they have adjusted or reevaluated their IT security roadmap based on recent security breaches and ransomware attacks.
  • Of those SMBs surveyed and who experienced a data breach within the last 12 months, 15 percent were able to stop the attack or any unauthorized access before sensitive data was extracted.

The report is available for free upon providing registration information.

It joins others that have illustrated heightened cybersecurity threats amid the pandemic. For example, last month, VMware Carbon Black's latest security threat report warned of overloaded security teams, a sea of distracted new remote workers exposing more vulnerabilities and new attack vectors to worry about.

"The fear and paranoia coursing through the world left organizations particularly vulnerable to cyberattacks -- which shot up by an estimated 66 percent" after the pandemic hit, says the fifth installment of VMware Carbon Black's semiannual Global Incident Response Threat Report.

Also last month, we reported on how the international police organization INTERPOL said "fear and uncertainty" help hackers exploit the pandemic.

Another report indicates organizations have adjusted their priorities amid COVID-19, focusing on cybersecurity, cloud and AI.

About the Author

David Ramel is an editor and writer for Converge360.

Featured